Radio Free Europe/Radio Liberty (RFE/RL) is an international news organization headquartered in Prague, Czech Republic and Washington, D.C., with 21 bureaus throughout Russia, Central Asia, Afghanistan, and Central and Eastern Europe. Reporting in 27 languages across 23 countries, RFE/RL is one of the most comprehensive news operations in the world, providing responsibly reported, fact-based news in countries where media freedoms are under threat or banned outright. From Iran and Pakistan to Hungary, Ukraine, and Azerbaijan, RFE/RL journalists give audiences what they can't always get from their own local media: uncensored information and open debate. Reporting via digital, TV, and radio platforms, RFE/RL has a measured weekly reach of 38.1 million people. A private nonprofit, RFE/RL is funded by the U.S. Congress through the U.S. Agency for Global Media. RFE/RL's editorial independence is protected by U.S. law.
IT Security Compliance Manager, RFE/RL
IT Security Compliance Manager identifies, manages, and reports on RFE/RL’s security, privacy, regulatory, legislative, and contractual obligations supporting the company’s security strategy. He/she contributes to RFE/RL’s Information Security Program led by the IT Security Director through the application of USAGM-required FISMA security controls and related best practices. He/she is responsible for ensuring RFE/RL is compliant with its Digital Security policies, standards, and procedures.
• Develop, review, and improve RFE/RL’s information security and privacy policies, standards, and procedures.
• Develop, lead, and coordinate RFE/RL’s FISMA compliance initiative which is required by USAGM and aligned to RFE/RL’s Information Security Program and FISMA requirements (NIST SP 800-53R5).
• Act as the primary point of contact to implement RFE/RL’s FISMA requirements as required by USAGM in close coordination with the Pangea Digital division and USAGM counterparts, progressing strategic objectives and maintaining necessary documentation.
• Support an overall integrated security management approach through configuration management standards.
• Implement application security vulnerability management best practices through rigorous scans and penetration tests aligned to release management activities.
• Design and schedule appropriate automated reports and appropriate technical compliance reviews and audits to maintain appropriate security protection.
• Support the IT Security team’s overall security incident management process activities, response, and reporting.
Performs other related duties as assigned.
• University Degree (Information Technology or similar)
• Security Certifications: CISSP, CISA, or CISM
• Minimum 3 years’ experience as security lead on maintaining a security management framework.
• Comprehensive experience with information security compliance in an international environment, including in risk, compliance, and information security policy development.
• Experience coordinating and maintaining application security best practices on physical and virtualized environments, inclusive of vulnerability scans and penetration testing know-how.
• Practical know-how and expertise with Microsoft operating systems and cloud environment (O365/Azure Security & Compliance).
• Knowledge of IT processes and controls and understanding of risk and control frameworks (NIST, ITIL, FISMA, GDPR).
• Strong organizational and communication skills (both verbal and written).
• Excellent interpersonal skills with the ability to effectively communicate with a wide range of individuals and teams.
• Standard of excellence with work processes and outcomes, honoring company policies and regulatory requirements.
• Attention to detail, planning ahead, and managing time well.
• Team oriented, with the ability to build strong working relationships and a positive work environment.
• Receptive to feedback, willing to learn, embracing continuous improvement.
• Strong command of English is required.
• Other languages a plus
Informace o pozici
- Radio Free Europe/Radio Liberty - Rádio Svobodná Evropa, Inc.
- Vinohradská 3333/159a, Praha – Strašnice
- Required education: Bachelor's
- Required languages: Czech (Advanced), English (Advanced)
- Benefits: Contributions to the pension / life insurance, Flexible start/end of working hours, Meal tickets / catering allowance, Educational courses, training, Cafeteria, Refreshments on workplace, Contribution to sport / culture / leisure, Sick days, Occasional work from home
- Listed in: IS/IT: Consultations, analyses, and project management, IS/IT: System and HW administration, IT Security Specialist
- Employment form
- Employment form: Full-time work
- Contract duration
- Contract duration: Limited (temporary)
- Employment contract
- Employment contract: employment contract
- Employer type: Employer